Free AWS-SysOps Braindumps

Exam Number: AWS-SysOps

Provider: Amazon

Questions: 304

Updated On:
16-Mar-2019

Topic 1, Volume A

QUESTION: 1 You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block. Your security team has requested that all access from the offending IP address block be denied tor the next 24 hours. Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?

A. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block B. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block C. Add a rule to all of the VPC 5 Security Groups to deny access from the IP address block D. Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address block

Answer(s): C Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html QUESTION: 2 When preparing for a compliance assessment of your system built inside of AWS. what are three best-practices for you to prepare for anaudit? (Choose 3 answers)

Answer(s): B, D, E QUESTION: 3 You have started a new job and are reviewing your company's infrastructure on AWS You notice one web application where they have an Elastic Load Balancer (&B) in front of web instances in an Auto Scaling Group When you check the metrics for the ELB in CloudWatch you see four healthy instances In Availability Zone (AZ) A and zero in AZ B There are zero unhealthy instances. What do you need to fix to balance the instances across AZs?

A. Set the ELB to only be attached to another AZ B. Make sure Auto Scaling is configured to launch in both AZs C. Make sure your AMI is available in both AZs